LDAP Account Manager and OpenDJ

From Freshmeat.net, I saw an announcement that LDAP Account Manager had reached version 3.4.0. Congratulations to Roland Gruber and all the other contributors. A quick summary from the project site:

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. LAM was designed to make LDAP management as easy as possible for the user. It abstracts from the technical details of LDAP and allows persons without technical background to manage LDAP entries. If needed, power users may still directly edit LDAP entries via the integrated LDAP browser.

This morning I tried out the older version of LDAP Account Manager with OpenDJ, version 3.1 I believe, that has gone into Linux Mint 10.

Setup works through the PHP-based web GUI. Yet I managed to put a typo in my ldap URL and could not contact OpenDJ, which is running on another system. Looking around, I found that the config info entered through the PHP pages goes not under /etc/ldap-account-manager, but into /usr/share/ldap-account-manager/config/lam.conf. So sudo vi /usr/share/ldap-account-manager/config/lam.conf and I was back in the saddle again after fixing ldap://192.168.0.11:1/1389 to read ldap://192.168.0.11:1389.

The lam.conf file seems approximately self-explanatory. It says, “Please do not modify this file manually.” I admit to having been impolite therefore. But what I did seemed to work.

Could not figure out how to get LAM to login with cn=Directory Manager — note: probably a good thing — so to the list of Admins I added uid=mark,ou=people,dc=example,dc=com, which is one of the users in my OpenDJ setup. mark appeared in the drop-down lists of LAM admins after I saved.

Changed a number of base DNs in the file to reflect that my main suffix is dc=example,dc=com.

Changed ou=group,dc=example,dc=com to ou=Groups,dc=example,dc=com.

Also, one of the organizationalUnit entries was missing. I added ou=Machines,dc=example,dc=com on the OpenDJ server.

I’m just discovering LAM, so I haven’t scratched the surface, yet. My guess is that a number of standard schema definitions are missing in OpenDJ to handle the accounts, because I could not even create a new UNIX group, let alone a Samba 3 group. Instead I got an object class violation.

Nevertheless the GUI is quite nice. Will have to give LAM a longer look later.